Index: wp-includes/theme.php
===================================================================
--- wp-includes/theme.php	(revision 10774)
+++ wp-includes/theme.php	(working copy)
@@ -849,7 +849,7 @@
 	if ( !current_user_can( 'switch_themes' ) )
 		return;
 
-	$_GET['template'] = preg_replace('|[^a-z0-9_.\-/]|i', '', $_GET['template']);
+	$_GET['template'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['template']);
 
 	if ( validate_file($_GET['template']) )
 		return;
@@ -857,7 +857,7 @@
 	add_filter('template', create_function('', "return '{$_GET['template']}';") );
 
 	if ( isset($_GET['stylesheet']) ) {
-		$_GET['stylesheet'] = preg_replace('|[^a-z0-9_.\-/]|i', '', $_GET['stylesheet']);
+		$_GET['stylesheet'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['stylesheet']);
 		if ( validate_file($_GET['stylesheet']) )
 			return;
 		add_filter('stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );